UNIT III ACCESS CONTROL AND SECURITY

Network Access Control: Network Access Control, Extensible

Authentication Protocol, IEEE 802.1X Port-Based Network Access Control - IP
Security - Internet Key Exchange (IKE). Transport-Level Security: Web Security
Considerations, Secure Sockets Layer, Transport Layer Security, HTTPS standard,
Secure Shell (SSH) application.
NETWORK ACCESS CONTROL
Network access control (NAC) is an umbrella term for managing access to a network.
NAC authenticates users logging into the network and determines what data they can access
and actions they can perform. NAC also examines the health of the user’s computer or mobile
device Network access control comes with a number of benefits for organizations:
Elements of a Network Access Control System
NAC systems deal with three categories of components:
Access requestor (AR):
The AR is the node that is attempting to access the Network and may be any device
that is managed by the NAC system, including Workstations, servers, printers, cameras, and
other IP-enabled devices. ARs are also referred to as supplicants, or simply, clients.

Policy server:
Based on the AR’s posture and an enterprise’s defined policy, the policy server
determines what access should be granted. The policy server often relies on backend systems,
including antivirus, patch management, or a user directory, to help determine the host’s
condition.

Network access server (NAS):

The NAS functions as an access control point for users in remote locations
connecting to an enterprise’s internal network. Also called a media gateway, a remote access
server (RAS), or a policy server, an NAS may include its own authentication services or rely
on a separate authentication service from the policy server.

CCS354 NETWORK SECURITY 1 UNIT III ACCESS CONTROL AND SECURITY

 Figure Network Access Control Context
Above Figure is a generic network access diagram. A variety of different ARs seek
access to an enterprise network by applying to some type of NAS. The first step is generally
to authenticate the AR. Authentication typically involves some sort of secure protocol and the
use of cryptographic keys. Authentication may be performed by the NAS, or the NAS may
mediate the authentication process. In the latter case, authentication takes place between the
supplicant and an authentication server that is part of the policy server or that is accessed by
the policy server.
Once an AR has been authenticated and cleared for a certain level of access to the
enterprise network, the NAS can enable the AR to interact with resources in the enterprise

CCS354 NETWORK SECURITY 2 UNIT III ACCESS CONTROL AND SECURITY

network. The NAS may mediate every exchange to enforce a security policy for this AR, or
may use other methods to limit the privileges of the AR.
Network Access Enforcement Methods Enforcement methods are the actions that are
applied to ARs to regulate a to the enterprise network. Many vendors support multiple
enforcement methods simultaneously, allowing the customer to tailor the configuration by
using one or combination of methods. The following are common NAC enforcement
methods.
IEEE 802.1X: This is a link layer protocol that enforces authorization before a port is
assigned an IP address. IEEE 802.1X makes use of the Extensible Authentication Protocol for
the authentication process.
Virtual local area networks (VLANs): In this approach, the enterprise network,
consisting of an interconnected set of LANs, is segmented logically into a number of virtual
LANs.
Firewall: A firewall provides a form of NAC by allowing or denying network traffic
between an enterprise host and an external user.
DHCP management: The Dynamic Host Configuration Protocol (DHCP) is an
Internet protocol that enables dynamic allocation of IP addresses to hosts. A DHCP server
intercepts DHCP requests and assigns IP addresses instead. Thus, NAC enforcement occurs
at the IP layer based on subnet and IP assignment.
EXTENSIBLE AUTHENTICATION PROTOCOL
The Extensible Authentication Protocol (EAP), defined in RFC 3748, acts as a Framework
for network access and authentication protocols. EAP provides a set of protocol messages that can
encapsulate various authentication methods to be used between a client and an authentication
server. EAP can operate over a variety of network and link level facilities, including point-to-point
links, LANs, and other networks, and can accommodate the authentication needs of the various
links and networks.

CCS354 NETWORK SECURITY 3 UNIT III ACCESS CONTROL AND SECURITY

 Figure:EAP Layered Context
Numerous methods have been defined to work over EAP. The following are commonly supported
EAP methods:
EAP-TLS (EAP Transport Layer Security): EAP-TLS (RFC 5216) defines how the TLS
protocol (described in Chapter 17) can be encapsulated in EAP messages. EAP-TLS uses the
handshake protocol in TLS, not its encryption method. Client and server authenticate each other
using digital certificates. Client generates a pre-master secret key by encrypting a random number
with the server’s public key and sends it to the server. Both client and server use the pre-master to
generate the same secret key.
EAP-TTLS (EAP Tunneled TLS): EAP-TTLS is like EAP-TLS, except only the server has a
certificate to authenticate itself to the client first. As in EAP- TLS, a secure connection (the
“tunnel”) is established with secret keys, but that connection is used to continue the authentication
process by authenticating the client and possibly the server again using any EAP
method or legacy method such as PAP (Password Authentication Protocol) and CHAP (Challenge-
Handshake Authentication Protocol). EAP-TTLS is defined in RFC 5281.
EAP-GPSK (EAP Generalized Pre-Shared Key): EAP-GPSK, defined in RFC 5433, is an EAP
method for mutual authentication and session key derivation using a Pre-Shared Key (PSK). EAP-
GPSK specifies an EAP method based on pre-shared keys and employs secret key-based
cryptographic algorithms.
EAP-IKEv2: It is based on the Internet Key Exchange protocol version 2 (IKEv2), which is
described in Chapter 20. It supports mutual authentication and session key establishment using a
variety of methods. EAP-TLS is defined in RFC 5106.
EAP Exchanges
Whatever method is used for authentication, the authentication information and authentication
protocol information are carried in EAP messages.

CCS354 NETWORK SECURITY 4 UNIT III ACCESS CONTROL AND SECURITY

 EAP Protocol Exchange

CCS354 NETWORK SECURITY 5 UNIT III ACCESS CONTROL AND SECURITY

 EAP Message Flow in Pass-Through Mode

IEEE 802.1X PORT-BASED NETWORK ACCESS CONTROL

IEEE 802.1X Port-Based Network Access Control was designed to provide access
control functions for LANs. Table 16.1 briefly defines key terms used in the IEEE 802.11
standard. The terms supplicant, network access point, and authentication server correspond to
the EAP terms peer, authenticator, and authentication server, respectively.
The essential element defined in 802.1X is a protocol known as EAPOL (EAP over
LAN). EAPOL operates at the network layers and makes use of an IEEE 802 LAN, such as
Ethernet or Wi-Fi, at the link level.

CCS354 NETWORK SECURITY 6 UNIT III ACCESS CONTROL AND SECURITY

CCS354 NETWORK SECURITY 7 UNIT III ACCESS CONTROL AND SECURITY
The EAPOL packet format includes the following fields:
Protocol version: version of EAPOL.
Packet type: indicates start, EAP, key, logoff, etc.
Packet body length: If the packet includes a body, this field indicates the body length.
Packet body: The payload for this EAPOL packet. An example is an EAP packet.

CCS354 NETWORK SECURITY 8 UNIT III ACCESS CONTROL AND SECURITY

IP SECURITY:
Overview of IPSec:
1. Different application specify security mechanism are developed such as electronic mail
(PAG, S/MIME), client/server (Kerberos), web access(secure sockets layer). An IP level
security can ensure networking not only for applications with security mechanisms but also
for many security ignorant applications.
2. IP security (IPSec) is the capability that can be added to present versions of Internet protocol
(IPv4and IPv6) by means of additional headers for secure communication across LAN,
WAN and Internet).
3. IPSec is set of protocols and mechanism that provide confidentiality, authentication, massage
integrity and replay detection at IP layer. The device (firewall or gateway) on which the
IPSec mechanisms reside is called as security Gateway.
4. IPSec has two modes of operation
1. Transport mode
2. Tunnel mode
IPSec uses two protocols for message security.
1. Authentication Header (AH) protocol
2. Encapsulating Security Payload (ESP) protocol

CCS354 NETWORK SECURITY 9 UNIT III ACCESS CONTROL AND SECURITY

Applications of IPSec
1. Secure branch office connectivity over the Internet: A company can build a secure virtual
private network over the Internet or over a public WAN. This enables a business to rely
heavily on the Internet and reduce its need for private networks, saving costs and network
management overhead.
2. Secure remote access over the Internet: An end user whose system is equipped with IP
security protocols can make a local call to an Internet Service Provider (ISP) and gain secure
access to a company network. This reduces the cost of toll charges for traveling employees
and telecommuters.
3. Establishing extranet and intranet connectivity with partners: With IPSec secure
communication with other organizations, ensuring authentication and confidentiality and
providing a key exchange mechanism.
4. Enhancing electronic commerce security: Uses of IPSec enhances the security in
electronic commerce applications.
IPSec Scenario:
1. Figure shows an IP security scenario.
2. Many organizations have LAN at multiple places. The IPSec protocols are used which
operates in networking devices e.g. router or firewall.
3. The IPSec networking encrypts and compresses the outgoing traffic while it decrypt and
decompress all incoming traffic. These processes are transparent to workstation and servers
on LAN.
Benefits of IPSec
Some of the benefits of IPSec:
1. IPSec provides strong security within and across the LAN.
2. IPSec in a firewall is resistant to bypass if all traffic from the outside must use Ip.
3. No need to change software for implementing IPSec.
4. IPSec can be transparent to end users.
5. IPSec can provide security for individual users if needed.
IP Security Architecture:
1. IPSec mechanism uses Security policy database(SPD) which determines how a message are
to handle also the security services needed and path the packet should take.
2. Various documents are used to define complex IPSec specification. The overall architecture
of IPSec is constituted by three major components.
1. IPSec documents
2. IPSec services
3. Security Association

CCS354 NETWORK SECURITY 10 UNIT III ACCESS CONTROL AND SECURITY

IPSec Documents
IPSec encompasses three functional areas: authentication, confidentiality, and key
management. The totality of the IPSec specification is scattered across dozens of RFCs and
draft IETF documents, making this the most complex and difficult to grasp of all IETF
specifications.
The documents can be categorized into the following groups.
1. Architecture: Covers the general concepts, security requirements, definitions, and
mechanisms defining IPSec technology.
2. Authentication Header (AH): covers packet format, general issues.
3. Encapsulating Security Payload (ESP): covers packet format, general issues.
4. Internet Key Exchange (IKE): This is a collection of documents describing the key
management schemes for use with IPSec. The main specification is RFC 4306,
Internet Key Exchange (IKEv2) Protocol, but there are a number of related RFCs.
5. Cryptographic algorithms: This category encompasses a large set of documents that
define and describe cryptographic algorithms for encryption, message authentication,
pseudorandom functions (PRFs), and cryptographic key exchange.
6. Other: There are a variety of other IPSec-related RFCs, including those dealing with
security policy and management information base (MIB) content.
Architecture

ESP protocol AH protocol

Encryption Authentication
algorithm algorithm

IPSec Services
Domain of
interpretation
CCS354 NETWORK SECURITY 11 UNIT III ACCESS CONTROL AND SECURITY

Key management
 1. IPSec provides security services at the IP layer by enabling a system to select required
security protocols, determine the algorithm(s) to use for the service(s), and put in place any
cryptographic keys required to provide the requested services.
2. Two protocols are used to provide security: an authentication protocol designated by the
header of the protocol, Authentication Header (AH); and a combined encryption/
authentication protocol designated by the format of the packet for that protocol,
Encapsulating Security Payload (ESP). RFC 4301 lists the following services:
1. Access control
2. Connectionless integrity
3. Data origin authentication
4. Rejection of replayed packets (a form of partial sequence integrity)
5. Confidentiality (encryption)
6. Limited traffic flow confidentiality
IPSec protocol suit:
1. IP Packet consists of two parts, IP Header and Data. IPSec features are incorporated into an
additional IP Header called extension Header. Different Extension Header is used for
different services.
IPSec
2. IPSec defines two protocol
1. AH
2. ESP

Security Associations Authentication Encapsulating

1. A key concept that appears in bothHeader(AH)
the authentication and confidentiality mechanisms
Security for IP
is the security association (SA).An association is a one-way logical connection between
Payload(ESP) a
sender and a receiver for two-way secure exchange, and then two security associations are
required.
2. A security association is uniquely identified by three parameters.
1. Security Parameters Index (SPI): A bit string assigned to this SA and having
local significance only. The SPI is carried in AH and ESP headers to enable the
receiving system to select the SA under which a received packet will be processed.
2. IP Destination Address: This is the address of the destination endpoint of the SA,
which may be an end-user system or a network system such as a firewall or router.
3. Security Protocol Identifier: This field from the outer IP header indicates
whether the association is an AH or ESP security association.
Security parameters:
A security association is normally defined by the following parameters.
1. Security Parameter Index: A 32-bit value selected by the receiving end of an SA to
uniquely identify the SA.
2. Sequence Number Counter: A 32-bit value used to generate the Sequence Number field in
AH or ESP headers, described in Section 19.3 (required for all implementations).
3. Sequence Counter Overflow: A flag indicating whether overflow of the Sequence Number
Counter should generate an auditable event and prevent further transmission of packets on
this SA (required for all implementations).
4. Anti-Replay Window: Used to determine whether an inbound AH or ESP packet is a replay

CCS354 NETWORK SECURITY 12 UNIT III ACCESS CONTROL AND SECURITY

 5. AH Information: Authentication algorithm, keys, key lifetimes, and related parameters
being used with AH (required for AH implementations).
6. ESP Information: Encryption and authentication algorithm, keys, initialization values, key
lifetimes, and related parameters being used with ESP (required for ESP implementations).
7. IPsec Protocol Mode: Tunnel, transport, or wildcard.
8. Path MTU: Any observed path maximum transmission unit (maximum size of a packet that
can be transmitted without fragmentation) and aging variables (required for all
implementations).

TRANSPORT MODE:
AH and ESP can support two modes of operation.
1. Transport mode
2. Tunnel mode

1. Transport mode provides protection primarily for upper-layer protocols. That is, transport
mode protection extends to the payload of an IP packet. Examples include a TCP or UDP
segment or an ICMP packet.
2. The transport mode is used for end-to-end communication between two hosts (e.g., a client
and a server, or two workstations).
3. ESP in transport mode encrypts and optionally authenticates the IP payload but not the IP
header.
4. AH in transport mode authenticates the IP payload and selected portions of the IP header.

TUNNEL MODE:
1. Tunnel mode provides protection to the entire IP packet. To achieve this, after the AH or ESP
fields are added to the IP packet, the entire packet plus security fields is treated as the
payload of new outer IP packet with a new outer IP header.
2. The entire original, inner, packet travels through a tunnel from one point of an IP network to
another; no routers along the way are able to examine the inner IP header. Because the
original packet is encapsulated, the new, larger packet may have totally different source and
destination addresses.
3. Tunnel mode is used when one or both ends of a security association (SA) are a security
gateway, such as a firewall or router that implements IPsec.
4. With tunnel mode, a number of hosts on networks behind firewalls may engage in secure
communications without implementing IPsec. The unprotected packets generated by such
hosts are tunneled through external networks by tunnel mode SAs set up by the IPsec
software in the firewall or secure router at the boundary of the local network.
5. ESP in tunnel mode encrypts and optionally authenticates the entire inner IP packet,
including the inner IP header.
6. AH in tunnel mode authenticates the entire inner IP packet and selected portions of the outer
IP header.
Table 19.1 summarizes transport and tunnel mode functionality.

CCS354 NETWORK SECURITY 13 UNIT III ACCESS CONTROL AND SECURITY

 A
Authentication Header:
1. It provides support for data integrity and authentication of IP packets.
2. The data integrity feature ensures that undetected modification to a packet's content in transit
is not possible.
3. The authentication feature enables an end system or network device to authenticate the user at
the other end and decides to accept or reject packets accordingly.
4. It also prevents the address spoofing attacks.
5. Authentication is based on the use of a message authentication code (MAC) protocol, i.e. two
communication parties must share a secret key.
6. The Authentication Header consists of the following fields (Figure 16.3)

1. Next Header (8 bits): Identifies the type of header immediately following this header.
2. Payload Length (8 bits): Length of Authentication Header in 32-bit words, minus 2. For
example, the default length of the authentication data field is 96 bits, or three 32-bit words.
With a three-word fixed header, there are a total of six words in the header, and the Payload
Length field has a value o

CCS354 NETWORK SECURITY 14 UNIT III ACCESS CONTROL AND SECURITY

 1. Reserved (16 bits): For future use.
2. Security Parameters Index (32 bits): Identifies a security association.
3. Sequence Number (32 bits): A monotonically increasing counter value, discussed later.
4. Authentication Data (variable): A variable-length field (must be an integral number of 32-
bit words) that contains the Integrity Check Value (ICV), or MAC, for this packet, discussed
later.
Replay attack
1. Suppose user A wants to transfer some amount to user C’s bank account.
2. Both user A and C have the account with bank B.
3. User A might send an electronic message to ban B requesting for the funds transfer.
4. User C could capture this message and send a second copy of the message to bank B.
5. Band B have no idea that this is as unauthorized message.
6. User C would get the benefit of the funds transfer twice.
Authentication Data:
Also called Integrity check value for the datagram. This value is the MAC used for
authentication and integrity purpose.

AH Transport Mode:
1. The position of the AH is between the original IP header and original TCP header of the IP
packet.
2. Figure shows the AH in transport mode

AH Tunnel Mode:
1. The entire original IP packet is authenticated.

CCS354 NETWORK SECURITY 15 UNIT III ACCESS CONTROL AND SECURITY

 2. AH is inserted between the original IP header and a new outer IP header. Figure shows AN
Tunnel mode.

ENCAPSULATING SECURITY PAYLOAD:

ESP can be used to provide confidentiality, data origin authentication, connectionless integrity,
an anti-replay service (a form of partial sequence integrity), and (limited) traffic flow
confidentiality.
ESP Format:
Figure 19.5a shows the top-level format of an ESP packet. It contains the following fields.
1. Security Parameters Index (32 bits): Identifies a security association.
2. Sequence Number (32 bits): A monotonically increasing counter value; this provides an
anti-replay function, as discussed for AH.
3. Payload Data (variable): This is a transport-level segment (transport mode) or IP packet
(tunnel mode) that is protected by encryption.
4. Padding (0 – 255 bytes): The purpose of this field is discussed later.
5. Pad Length (8 bits): Indicates the number of pad bytes immediately preceding this field.
6. Next Header (8 bits): Identifies the type of data contained in the payload data field by
identifying the first header in that payload.
7. Integrity Check Value (variable): A variable-length field (must be an integral number of
32-bit words) that contains the Integrity Check Value computed over the ESP packet minus
the Authentication Data field.

CCS354 NETWORK SECURITY 16 UNIT III ACCESS CONTROL AND SECURITY

Encryption and Authentication Algorithms
The Payload Data, Padding, Pad Length, and Next Header fields are encrypted by the ESP
service.Various algorithms used for encryption are
1. Three triple DES
2. RCS
3. IDEA
4. Three-key triple IDEA
5. CAST
6. Blowfish

Padding
The Padding field serves several purposes:
1. To expand the plain text If an encryption algorithm requires the plaintext to be a multiple of
some number of bytes
2. To assure the alignment of cipher text to make it integer multiple of 32-bits.
3. Additional padding may be added to provide partial traffic-flow confidentiality by
concealing the actual length of the payload.

CCS354 NETWORK SECURITY 17 UNIT III ACCESS CONTROL AND SECURITY

COMBINING SECURITY ASSOCIATIONS
1. The term security association bundle refers to a sequence of SAs through which traffic must
be processed to provide a desired set of IPsec services.
Security associations may be combined into bundles in two ways:
1. Transport adjacency: Transport adjacency means applying more than one security
protocol to the same IP packet without invoking tunneling. It allows only one level
of combination of AH and ESP.
2. Iterated tunneling: Iterated tunneling is the application of multiple layers of
security protocols formed through IP tunneling. This approach allows for multiple
levels of nesting.
2. SA can implement either AH or ESP protocol, but not both. Traffic flow may require separate
IPsec services between hosts. SA bundles is the order in which authentication and encryption
may be applied between a given pair of endpoints
3. SAs many combine into bundles in two ways:
1. Transport adjacency: Applying more than one security protocol to the same IP
packet without invoking tunneling. It allows only one level of combination, no
nesting.
2. Iterated tunneling: Application of multiple layers of security protocols formed
through IP tunneling, multiple layers of nesting.

4. Several approaches to combining authentication and confidentiality. ESP is used with its
authentication option
1. First apply ESP then append the authentication data field
2. Authentication applies to cipher text rather than plaintext

INTERNET KEY EXCHANGE (IKE):

1. The key management is related to determination and distribution of secret keys. A typical
requirement is four keys for communication between two applications: transmit and receive
pairs for both integrity and confidentiality.
2. The IPsec Architecture document mandates support for two types of key management:
1. Manual: A system administrator manually configures each system with its own keys
and with the keys of other communicating systems. This is practical for small,
relatively static environments.
2. Automated: An automated system enables the on-demand creation of keys for SAs
and facilitates the use of keys in a large distributed system with an evolving
configuration.
3 It uses two protocols:
 Oakley Key Determination Protocol:
 Internet Security Association and Key Management Protocol (ISAKMP):

1 Oakley Key Determination Protocol:

CCS354 NETWORK SECURITY 18 UNIT III ACCESS CONTROL AND SECURITY

 1. Oakley is a key exchange protocol based on the Diffie-Hellman algorithm. Two users A and
B agree on two global parameters: q, a large prime number and a primitive root of q.
2. Secret keys created only when needed. Exchange requires no preexisting infrastructure.
3. Disadvantage of this method: subject to MITM attack.
Features of Oakley:
1. Employs cookies to thwart clogging attacks
2. Two parties can negotiate a group(modular exponentiation or elliptic curves)
3. Uses nonces to ensure against replay attacks.
4. Enables the exchange of Diffie-Hellman public key values.
5. Authenticates the Diffie-Hellman exchange to thwart MITM attacks.

Internet key exchange protocol

1. Internet key exchange (IKE) protocol supports key management procedures of IPsec.
2. IKE negotiates the cryptography algorithms for AH and ESP in actual c+ryptographic
operations.
3. IKE is initial phase of Ipse, in the algorithms and keys are decided. After this phas
4. ESP operations takes place

. Step: 1
IKE

Algorithms and Keys

Step: 2
AH/ESP

Operations

Three different authentication methods can be used with IKE key determination:
Digital signatures: The exchange is authenticated by signing a mutually obtainable hash;
each party encrypts the hash with its private key. The hash is generated over important
parameters, such as user IDs and nonces.
Public-key encryption: The exchange is authenticated by encrypting parameters such as IDs
and nonces with the sender’s private key.
Symmetric-key encryption: A key derived by some out-of-band mechanism can be used to
authenticate the exchange by symmetric encryption of ex-change parameters.
IKEv2 exchanges

CCS354 NETWORK SECURITY 19 UNIT III ACCESS CONTROL AND SECURITY

The IKEv2 protocol involves the exchange of messages in
pairs. The first two pairs of exchanges are referred to as the initial exchanges

IKEv2 Exchanges
Header and Payload Formats
IKE defines procedures and packet formats to establish, negotiate, modify, and de-lete
security associations. As part of SA establishment, IKE defines payloads for exchanging key
generation and authentication data.

CCS354 NETWORK SECURITY 20 UNIT III ACCESS CONTROL AND SECURITY

 These elements are formatted as substructures within the payload as follows.
Proposal: This substructure includes a proposal number, a protocol ID (AH, ESP, or
IKE), an indicator of the number of transforms, and then a trans-form substructure. If
more than one protocol is to be included in a proposal, then there is a subsequent
proposal substructure with the same proposal number.

CCS354 NETWORK SECURITY 21 UNIT III ACCESS CONTROL AND SECURITY

 Transform: Different protocols support different transform types. The trans-forms
are used primarily to define cryptographic algorithms to be used with a particular
protocol. Attribute: Each transform may include attributes that modify or complete
the specification of the transform. An example is key length.
Transport-Level Security
WEB SECURITY: TLS
1. The web is very visible. The www is widely used by business, government agencies, and
many individuals. But the internet and the web are extremely vulnerable to compromises of
various sorts, with range of threats.
2. Complex software hides many security flaws. Web servers are easy to configure and
manage. Users are not aware of this risk.
3. These can be described as passive attacks including eavesdropping on outwork traffic
between browser and server and gaining access to information on a web site that is supposed
to be restricted.
4. Active attacks including impersonating another user, altering message between client and
server, and altering information on a web site. The web needs added security mechanisms to
address these threats.
Web Traffic Security Approaches
1. Various approaches are used for providing security to the web. One of the examples is IP
Security.
2. Following table shows the comparison of threats on the web.

Figure shows the relative location of securityfacilitiesin the Tcp/Ip protocol stack

CCS354 NETWORK SECURITY 22 UNIT III ACCESS CONTROL AND SECURITY

TRANSPORT LAYER SECURITY (TLS):

1. Transport layer security (TLS) is a feature of mail servers designed to secure the transmission
of electronic mail from one server to another using encryption technology. TLS can reduce
the risk of eavesdropping tampering and message forgery mail communications.
2. TLS is a security protocol from the internet engineering task force (IETF) that is based on the
secure sockets layer (SSL) 3.0 protocols developed by Netscape.
3. TLS was designed to provide security at the transport layer. TLS is a non-proprietary version
of SSL. For transactions on internet, a browser needs:
1. Make sure that server belongs to the actual vendor.
2. Contents of message are not modified during transition.
3. Make sure that the imposter does not interpret sensitive information such as credit
card number.

HTTP

TLS

TCP

IP

TLS has two protocols: Handshake and data exchange protocol

1. Handshake: responsible for negotiating security, the server and client and the negotiation of
an encryption algorithm and cryptographic keys before the application protocol transmits or
receives any data.

CCS354 NETWORK SECURITY 23 UNIT III ACCESS CONTROL AND SECURITY

2. Data exchange (record) protocol: Data exchange (record) protocol uses the secret key to
encrypt the data for secrecy and to encrypt the message digest for integrity. The TLS record
protocol is designed to protect confidentiality by using symmetric data encryption.

Handshake protocol:
1. Browser sends a hello message that includes TLS version and some preferences
2. Server sends certificate messages that include the public key of the server. The public key is
certificated by some certification authority, which means that the public key is encrypted by
a CA private key. Browser has a list of CAs and their public keys. It uses the corresponding
key to decrypt the certification and finds the server public key. This also authenticates the
server because the public key is certificated by the CA.
3. Browser sends a secret key, encrypts it with a server public key and sends it to the server.
4. Bowser sends a message, encrypted by the secret key to inform the server that handshaking is
terminating from the browser key.
5. Server decrypts the secret key using it private key and decrypts the message using the secret
key. It then sends a message, encrypted by the secret key, to inform the browser that
handshaking is terminating from the server side.

CCS354 NETWORK SECURITY 24 UNIT III ACCESS CONTROL AND SECURITY

CCS354 NETWORK SECURITY 25 UNIT III ACCESS CONTROL AND SECURITY
SSL(SECURE SOCKET LAYER):
1. SSL protocol is an internet protocol for securer exchange of information between a web
browser and a web server.
2. SSL is designed to make use of TCP to provide a reliable end-to-end secure service.
3. The SSL Record Protocol provides basic security services between TCP and applications that
use TCP. The SSL protocol is an internet protocol for secure exchange of information
between a web browser and a web server
Features of SSL:
1. SSL server authentication, allowing a user to confirm a server’s identity.
2. SSL client authentication, allowing a server to confirm a user’s identity.
3. An encrypted SSL session in which all information sent between browser and server is
encrypted by sending software and decrypted by the receiving software.
4. SSL supports multiple cryptographic algorithms.
SSL Architecture:
1. SSL uses TCP to provide reliable end-end secure service. SSL consists of two sub protocols,
one for establishing a secure connection and other for using it. Figure shows SSL protocol
stack.

SSL record protocol: It provides basic security services to various higher layer protocols.
HTTP: provides the transfer service for web client/server interaction.
SSL Handshake protocol, SSL change cipher protocol, SSL Alert protocol: Management of
exchanges.
SSL Record Protocol
1. The SSL Record protocol provides services for SSL connection
1. Confidentiality-Handshake protocol for encryption of SSL payload.
2. Message integrity-Handshake protocol for Message authentication code(MAC).
2. SSL record protocol operation is shown in fig

CCS354 NETWORK SECURITY 26 UNIT III ACCESS CONTROL AND SECURITY

Handshake protocol:
1. Hand shake protocol allows the server and client to authenticate each other and to negotiate
an encryption before transmitting application data various message are used in protocol.
Table enlists this message and their associated function.

Figure shows Handshake protocol:

CCS354 NETWORK SECURITY 27 UNIT III ACCESS CONTROL AND SECURITY

Alert Protocol
The Alert Protocol is used to convey SSL-related alerts to the peer entity. As with
other applications that use SSL, alert messages are compressed and encrypted, as
specified by the current state.

CCS354 NETWORK SECURITY 28 UNIT III ACCESS CONTROL AND SECURITY

 SSL Record Protocol

CCS354 NETWORK SECURITY 29 UNIT III ACCESS CONTROL AND SECURITY

Alert Messages

HTPPS
HTTPS (HTTP over SSL) refers to the combination of HTTP and SSL to im-
plement secure communication between a Web browser and a Web server.
The HTTPS capability is built into all modern Web browsers. Its use depends
on the Web server supporting HTTPS communication.
For example,
some search engines do not support HTTPS. Google provides HTTPS as an option:
https://google.com.
The principal difference seen by a user of a Web browser is that URL (uni-
form resource locator) addresses begin with https:// rather than http://. A normal
HTTP connection uses port 80. If HTTPS is specified, port 443 is used, which
invokes SSL.

CCS354 NETWORK SECURITY 30 UNIT III ACCESS CONTROL AND SECURITY

 When HTTPS is used, the following elements of the communication are encrypted:
URL of the requested document Contents of the document Contents of browser forms
(filled in by browser user) Cookies sent from browser to server and from server to
browser Contents of HTTP header
SECURE SHELL (SSH)
Secure Shell (SSH) is a protocol for secure network communications designed
to be relatively simple and inexpensive to implement. The initial version, SSH1
focused on providing a secure remote login facilities replace TELNET and other
remote logon schemes that provided no security.

CCS354 NETWORK SECURITY 31 UNIT III ACCESS CONTROL AND SECURITY

Transport Layer Protocol in SSH

CCS354 NETWORK SECURITY 32 UNIT III ACCESS CONTROL AND SECURITY

 Packet length: Length of the packet in bytes, not including the packet length and
MAC fields.
Padding length: Length of the random padding field. Payload: Useful contents of the
packet. Prior to algorithm negotiation, this field is uncompressed. If compression is
negotiated, then in subsequent packets, this field is compressed.
Random padding: Once an encryption algorithm has been negotiated, this field is
added. It contains random bytes of padding so that that total length of the packet
(excluding the MAC field) is a multiple of the cipher block size, or 8 bytes for a
stream cipher.

CCS354 NETWORK SECURITY 33 UNIT III ACCESS CONTROL AND SECURITY